RE: [PHP] Shared SessionIDs?

2003-11-05 Thread Chris Shiflett
--- "Chris W. Parker" <[EMAIL PROTECTED]> wrote: > But seriously, why is it such a bad idea? I'd like to finally figure > this out so I don't keep coming up with them (not that I've ever used > any). ;) I have a free chapter that explains cookies at the protocol level here: http://shiflett.org/bo

Re: [PHP] Shared SessionIDs?

2003-11-05 Thread CPT John W. Holmes
From: "Chris W. Parker" <[EMAIL PROTECTED]> > But seriously, why is it such a bad idea? I'd like to finally figure > this out so I don't keep coming up with them (not that I've ever used > any). ;) I've got to remember back to what the original thread was about... :) The suggestion, iirc, was to

RE: [PHP] Shared SessionIDs?

2003-11-05 Thread Chris W. Parker
John W. Holmes on Tuesday, November 04, 2003 6:07 PM said: > I think you missed the part where he said "while keeping secure"... :) > > Storing something like this in a cookie is in no way secure. Hey man! That's why I put the disclaimer... >> Here's an idea (whet

RE: [PHP] Shared SessionIDs?

2003-11-05 Thread Guillaume Dupuis
I'll try the 'msession' road. Thanks again for everybody's input, Guillaume -Original Message- From: Chris Shiflett [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 04, 2003 6:36 PM To: Guillaume Dupuis; [EMAIL PROTECTED] Subject: Re: [PHP] Shared SessionIDs?

Re: [PHP] Shared SessionIDs?

2003-11-04 Thread John W. Holmes
Chris W. Parker wrote: Guillaume Dupuis We currently have 3 php servers. Can we use the same SessionID to connect across the 3 systems? If not, what would you suggest to minimize the number of login prompts, while keeping secure? Here's an idea (whether or not it's a g

RE: [PHP] Shared SessionIDs?

2003-11-04 Thread Chris Shiflett
--- "Chris W. Parker" <[EMAIL PROTECTED]> wrote: > Store the username+password as an MD5 hash in a cookie, also store the > user id. Then on the other servers you can read the user id and use that > to pull out the username and password hash (you do hash your passwords > within the database right?)

Re: [PHP] Shared SessionIDs?

2003-11-04 Thread Chris Shiflett
--- Guillaume Dupuis <[EMAIL PROTECTED]> wrote: > We currently have 3 php servers. Can we use the same SessionID to > connect across the 3 systems? Yes, assuming I understand you correctly. There are many ways to address this challenge, but one method is to use a database for your session store.

Re: [PHP] Shared SessionIDs?

2003-11-04 Thread Marek Kilimajer
Guillaume Dupuis wrote: Hi, I am new to PHP, so I hope I phrase this okay :) We currently have 3 php servers. Can we use the same SessionID to connect across the 3 systems? If not, what would you suggest to minimize the number of login prompts, while keeping secure? Thanks in advance, Guillaume D

RE: [PHP] Shared SessionIDs?

2003-11-04 Thread Chris W. Parker
Guillaume Dupuis on Tuesday, November 04, 2003 2:36 PM said: > We currently have 3 php servers. Can we use the same SessionID to > connect across the 3 systems? If not, what would you suggest to > minimize the number of login prompts, while keeping secure? Here's an

[PHP] Shared SessionIDs?

2003-11-04 Thread Guillaume Dupuis
Hi, I am new to PHP, so I hope I phrase this okay :) We currently have 3 php servers. Can we use the same SessionID to connect across the 3 systems? If not, what would you suggest to minimize the number of login prompts, while keeping secure? Thanks in advance, Guillaume Dupuis -- PHP General